    I have a new pfSense install that is up and working. However, I'm still making adjustments and tweaking my settings.

    I have 7 computers and 4 VoIP phones (Cisco 7960s). I have two 8-port switches chained together on the LAN side of my pfSense router. I put a 4-port NIC in my pfSense box and I am considering dedicating one of the NIC ports to the phones.

    My phones are connected to a cloud VoIP service (Mitel).

    If I split my routers I can put all the computers on one switch connected to the LAN port. I can take one of the extra ports and call it Phone and use the second switch to connect all the phones.

    If I do that I'm not sure how to configure pfSense. I'm also wondering if there is really any benefit or if I am just wasting my time.

    I have a separate Windows server that is handling DHCP and DNS. I was originally thinking I could keep the phone traffic separate from the rest of the LAN, but I don't see a way to run the DHCP server for one interface. I think I can bridge the LAN and Phone port on the NIC so the phones can still see my DHCP server, but then have I given up any potential benefits of keeping the two separate?



  • A common way is to use a VLAN for the phones and then you can use the 2nd port on the phone for connecting a computer. There really isn't much advantage to using separate switches, unless you have a PoE switch for the phones.

  • I already have two drops per office running back to my switches, and also already have two 8-port switches. Does setting up a VLAN have advantages over keeping the switches separate? I'm a software developer, not a network expert. Being naive I see an extra NIC port on the pfSense box and thought maybe I should put it to use.

  • The advantage of VLANs is keeping the phone and computer traffic logically separate. That may or may not be important in your network. For example, with VLANs, you could give the phone traffic higher priority. With hosted PBX, you may find the provider wants a separate Internet connection for the phones. VLANs could be used to support this. As I mentioned, you may want to have a PoE switch for the phones, which is not needed for computers.

